diff options
| author | Thomas Haller <thaller@redhat.com> | 2017-01-06 12:27:58 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2017-01-09 14:50:33 +0100 |
| commit | 6fa069fad1887a32d525ee6cce1f55d60ff3fc8d (patch) | |
| tree | 6d4e3cf704186024fc3cf0bd875ac59cf616e278 | |
| parent | f0d40525dfb079820e5dce48360ef6a9a540064a (diff) | |
| download | NetworkManager-th/stable-id-bgo776904.tar.gz | |
example: add example configuration snippet '30-anon.conf'th/stable-id-bgo776904
| -rw-r--r-- | Makefile.examples | 2 | ||||
| -rw-r--r-- | examples/nm-conf.d/30-anon.conf | 55 |
2 files changed, 57 insertions, 0 deletions
diff --git a/Makefile.examples b/Makefile.examples index fcad852286..61c2b1df6e 100644 --- a/Makefile.examples +++ b/Makefile.examples @@ -137,6 +137,8 @@ EXTRA_DIST += \ examples/lua/lgi/change-vpn-username.lua \ examples/lua/lgi/deactivate-all.lua \ \ + examples/nm-conf.d/30-anon.conf \ + \ examples/python/dbus/nm-state.py \ examples/python/dbus/add-connection.py \ examples/python/dbus/add-connection-compat.py \ diff --git a/examples/nm-conf.d/30-anon.conf b/examples/nm-conf.d/30-anon.conf new file mode 100644 index 0000000000..28a9ae701a --- /dev/null +++ b/examples/nm-conf.d/30-anon.conf @@ -0,0 +1,55 @@ +# Example configuration snippet for NetworkManager to +# overwrite some default value for more privacy. +# Put it for example to /etc/NetworkManager/conf.d/30-anon.conf +# +# See man NetworkManager.conf(5) for how default values +# work. See man nm-settings(5) for the connection properties. +# +# +# This enables privacy setting by default. The defaults +# apply only to settings that do not explicitly configure +# a per-connection override. +# That means, if the connection profile has +# +# $ nmcli connection show "$CON_NAME" | +# grep '^\(connection.stable-id\|ipv6.addr-gen-mode\|ipv6.ip6-privacy\|802-11-wireless.cloned-mac-address\|802-11-wireless.mac-address-randomization\|802-3-ethernet.cloned-mac-address\)' +# connection.stable-id: -- +# 802-3-ethernet.cloned-mac-address: -- +# 802-11-wireless.cloned-mac-address: -- +# 802-11-wireless.mac-address-randomization:default +# ipv6.ip6-privacy: -1 (unknown) +# ipv6.addr-gen-mode: stable-privacy +# +# then the default values are inherited and thus both the MAC +# address and the IPv6 host identifier are randomized. +# Also, ipv6 private addresses (RFC4941) are used in +# addition. +# +# +# For some profiles it can make sense to reuse the same stable-id +# (and thus MAC address and IPv6 host identifier) for the duration +# of the current boot, but still exclusive to the connection profile. +# Thus, explicitly set the stable-id like: +# +# $ nmcli connection modify "$CON_NAME" connection.stable-id '${CONNECTION}/${BOOT}' +# +# ... or keep it stable accross reboots, still distinct per profile: +# +# $ nmcli connection modify "$CON_NAME" connection.stable-id '${CONNECTION}' +# +# ... or use the same stable IDs for a bunch of profiles +# +# $ nmcli connection modify "$CON_NAME" connection.stable-id 'my-home-wifi yada yada' +# +# ... or use the same IDs for a bunch of profiles, but only for the current boot +# +# $ nmcli connection modify "$CON_NAME" connection.stable-id 'my-home-wifi yada yada/${BOOT}' + +[device-anon] +wifi.scan-rand-mac-address=yes + +[connection-anon] +connection.stable-id=${RANDOM} +ethernet.cloned-mac-address=stable +wifi.cloned-mac-address=stable +ipv6.ip6-privacy=2 |